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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.1 14, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 4/15/2009 has been entered. 

Response to Amendment 

Claim 4 has been cancelled. Applicant's arguments/amendments with respect to pending 
claims 1-3 & 5-32 filed 3/19/2009 have been fully considered but are moot in view of the new 
grounds of rejection. 

Claim Rejections - 35 USC §101 

I. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

II. Claims 1-3 and 5-32 are rejected under 35 U.S.C. 101 based on Supreme Court precedent 
and recent Federal Circuit decisions, a 35 U.S.C § 101 process must (1) be tied to a particular 
machine or (2) transform underlying subject matter (such as an article or materials) to a different 
state or thing. In re Bilski et al, 88 USPQ 2d 1385 CAFC (2008); Diamond v. Diehr, 450 U.S. 
175, 184 (1981); Parker v. Flook, 437 U.S. 584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 
63, 70 (1972); Cochrane v. Deener, 94 U.S. 780,787-88 (1876). 
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An example of a method claim that would not qualify as a statutory process would be a 
claim that recited purely mental steps. Thus, to qualify as a § 101 statutory process, the claim 
should positively recite the particular machine to which it is tied, for example by identifying the 
apparatus that accomplishes the method steps, or positively recite the subject matter that is being 
transformed, for example by identifying the material that is being changed to a different state. 

Here, applicant's method steps are not tied to a particular machine and do not perform a 
transformation. Thus, the claims are non-statutory. 

The mere recitation of the machine in the preamble with an absence of a machine in the 
body of the claim fails to make the claim statutory under 35 USC 101 . Note the Board of Patent 
Appeals Informative Opinion Ex parte Langemyer et al. 



Claim Rejections - 35 USC § 103 

III. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

IV. Claims 1-3, 5-16, 18-20, 22-24, 26-28, and 30-32 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Wertheimer et al., US Patent No. 5,920,630 and further in view of 
Husemann et al, US Patent No. 6,192,349. 



As per claim 1 : 
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Wertheimer et al. substantially teach a method including the steps of: allocating first 
secret key to the primary entity (col. 6, lines 53-57); for each of the one or more secondary 
entities, determining second secret key by applying a one way function to that secondary entity's 
identifier and the first secret key (col. 6, line 65 - col. 7, line 1 1), such that the second secret key 
is a variant of the first secret key only ascertainable with knowledge of the first secret key (col. 6, 
line 65 - col. 7, line 1 1); allocating the second secret key to the or each secondary entity (col. 7, 
lines 12-25). 

Not explicitly disclosed is applying the one way function to only the secondary entity's 
identifier and the first secret key. However, Husemann et al. teach that, in an environment that 
makes use of smart cards owned by one or more secondary entities, a secret key for each card 
can be generated by performing a hash over a master key and the card's identifier (col. 2, lines 
45-5 1). Therefore, it would have been obvious to a person in the art at the time the invention 
was made to modify the method disclosed in Wertheimer et al. to create the secret key from only 
a primary key and the secondary entity's identifier. This modification would have been obvious 
(in light of KSR) because a person having ordinary skill in the art, at the time the invention was 
made, could have generated a key in the manner claimed since Husemann et al. suggest that one 
of ordinary skill in the art could have used only a primary entity's key and a secondary entity's 
identifier to generate a secret key in col. 2, lines 45-5 1 . 
As per claim 2: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach wherein the identifiers allocated to the secondary 
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entities are generated stochastically, pseudo-randomly or arbitrarily (col. 8, lines 53-67). 
As per claim 3: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 

2. Furthermore, Wertheimer et al. teach wherein the one-way function is a hash function (col. 9, 
lines 8-15). 

As per claim 5: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 

3. Furthermore, Wertheimer et al. teach wherein the one-way function is a Secure Hash 
Algorithm function (col. 9, lines 8-15). 

As per claim 6: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach wherein each of the entities is implemented in an 
integrated circuit (col. 6, lines 25-50). 
As per claim 7: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach wherein each of the entities is implemented in an 
integrated circuit separate from the integrated circuits in which the other entities are 
implemented (col. 6, lines 25-50). 
As per claim 8: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach wherein one or more of the secondary entities are 
implemented in a corresponding plurality of integrated circuits (col. 6, lines 25-50). 
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As per claim 9: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach wherein the primary entity is implemented in an 
integrated circuit (col. 6, lines 25-50). 
As per claim 10: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach wherein both the primary and secondary entities are 
implemented in integrated circuits (col. 6, lines 25-50). 
As per claim 1 1 : 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 

I . Furthermore, Wertheimer et al. teach in which the first entity wishes to communicate with one 
of the second entities, the method including the steps, in the first entity, of: receiving data from 
the second entity (col. 6, line 53 - col. 7, line 1 1); using the data and the first secret key to 
generate the second secret key associated with the second entity (col. 6, line 53 - col. 7, line 1 1). 
As per claim 12: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 

I I . Furthermore, Wertheimer et al. teach wherein the data contains an identifier for the second 
entity (col. 6, line 65 - col. 7, line 11). 

As per claim 13: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 1 . Furthermore, Wertheimer et al. teach in which the first entity wishes to send an authenticated 
message to the second entity, the method including the steps, in the first entity, of: using the 
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generated second secret key to sign a message, thereby generating a digital signature; outputting 
the message and the digital signature for use by the second entity, which can validate the 
message by using the digital signature and its own copy of the second secret key (col. 10, lines 
19-37). 

As per claim 14: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
13. Wertheimer further teach the method in which the generated signature includes its own copy 
of the second secret key and in which the generated signature includes a nonce from the first 
entity, and the output from the first entity includes the nonce, thereby enabling the second entity 
to validate the message using the digital signature, the nonce (col. 12, lines 43-51). 
As per claim 15: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 1 . Furthermore, Wertheimer et al. teach wherein the data contains a first nonce (col. 12, lines 
43-51). 

As per claim 16: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
15. Furthermore, Wertheimer et al. teach the method in which the first entity wishes to send an 
authenticated message to the second entity, the method including the steps, in the first entity, of: 
using the generated second secret key and the nonce to sign a message, thereby generating a 
digital signature; outputting the message and the digital signature for use by the second entity, 
which can validate the message by using the digital signature and its own copy of the second 
secret key (col. 12, lines 43-60). 
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As per claim 18: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 1 . Furthermore, Wertheimer et al. teach the method in which the first entity wishes to send an 
encrypted message to the second entity, the method including the steps, in the first entity, of: 
using the generated second secret key to encrypt a message, thereby generating an encrypted 
message; outputting the encrypted message for use by the second entity, which can decrypt the 
message by using its own copy of the second secret key (col. 9, lines 49-61). 
As per claim 19: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
18. Furthermore, Wertheimer et al. teach the method in which the encrypted message includes a 
nonce from the first entity, and the output from the first entity includes the nonce, thereby 
enabling the second entity to decrypt the message using the nonce, and its own copy of the 
second secret key (col. 12, lines 43-51). 
As per claim 20: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
15. Furthermore, Wertheimer et al. teach the method in which the first entity wishes to send an 
encrypted message that incorporates the first nonce to the second entity, the method including 
the steps, in the first entity, of: using the generated second secret key to encrypt a message and 
the first nonce, thereby generating an encrypted message; outputting the encrypted message for 
use by the second entity, which can decrypt the encrypted message by using its own copy of the 
second secret key (col. 10, lines 19-37). 
As per claim 22: 
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Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an authenticated message to the first entity, the method including the steps, in the second 
entity, of: using the second secret key to sign a message, thereby to generate a digital signature; 
and outputting the message, digital signature and the second entity's identifier for use by the first 
entity, such that the first entity can use the identifier and the first secret key to generate the 
second secret key associated with the second entity, and thereby authenticate the message via the 
digital signature (col. 10, lines 19-37). 
As per claim 23 : 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an authenticated message to the first entity, the method including the steps, in the second 
entity, of: using the second secret key and a nonce to sign a message, thereby to generate a 
digital signature; and outputting the message, nonce, digital signature and the second entity's 
identifier for use by the first entity, such that the first entity can use the identifier and the first 
secret key to generate the second secret key associated with the second entity, and thereby 
authenticate the message via the nonce and digital signature (col. 12, lines 43-60). 
As per claim 24: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an authenticated message to the first entity, the method including the steps, in the second 
entity, of: receiving a first nonce from the first entity; using the second secret key and the first 
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nonce to sign a message, thereby to generate a digital signature; and outputting the message, 
digital signature and the second entity's identifier for use by the first entity, such that the first 
entity can use the identifier and the first secret key to generate the second secret key associated 
with the second entity, and thereby authenticate the message via the first nonce and digital 
signature (col. 11, lines 2-40 and col. 12, lines 43-51). 
As per claim 26: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1. Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an encrypted message to the first entity, the method including the steps, in the second 
entity, of: using the second secret key to encrypt the message, thereby to generate an encrypted 
message; and outputting the encrypted message and the second entity's identifier for use by the 
first entity, such that the first entity can use the identifier and the first secret key to generate the 
second secret key associated with the second entity, and thereby decrypt the encrypted message 
(col. 9, lines 20-61). 
As per claim 27: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an encrypted message to the first entity, the method including the steps, in the second 
entity, of: using the second secret key to encrypt the message and a nonce, thereby to generate an 
encrypted message; and outputting the nonce, encrypted message and the second entity's 
identifier for use by the first entity, such that the first entity can use the identifier and the first 
secret key to generate the second secret key associated with the second entity, and thereby 



Application/Control Number: 10/727,192 Page 1 1 

Art Unit: 2437 

decrypt the encrypted message (col. 10, lines 40-58). 
As per claim 28: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an encrypted message to the first entity, the method including the steps, in the second 
entity, of: receiving a nonce from the first entity; using the second secret key to encrypt the 
message and the nonce, thereby to generate an encrypted message; and outputting the encrypted 
message and the second entity's identifier for use by the first entity, such that the first entity can 
use the identifier and the first secret key to generate the second secret key associated with the 
second entity, and thereby decrypt the encrypted message (col. 10, lines 51-64). 
As per claim 30: 

Wertheimer et al. and Husemann et al. substantially teach the method according to any 
one of claims 14, 15, 16, 17, 19, 20, 21, 23, 24, 25, 27, 28 or 29 (i.e. claim 14). Furthermore, 
Wertheimer et al. teach wherein at least one of the nonces is a pseudo-random number (col. 10, 
lines 59-64). 
As per claim 3 1 : 

Wertheimer et al. and Husemann et al. substantially teach the method according to any 
one of claims 1 1 to 21 (i.e. claim 1 1). Furthermore, Wertheimer et al. teach wherein the 
communication is an authenticated read of a field of the first entity (col. 7, lines 1-31). 
As per claim 32: 
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Wertheimer et al. and Husemann et al. substantially teach the method according to any 
one of claims 22 to 29 (i.e. claim 22). Furthermore, Wertheimer et al. teach wherein the 
communication is an authenticated read of a field of the second entity (col. 7, lines 1-31). 
IV. Claims 17, 21, 25, and 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wertheimer et al, US Patent No. 5,920,630 and Husemann et al, US Patent No. 6,192,349, as 
applied to claims 1,3, 16, and 20 above, and further in view of Bruce Schneier, Applied 
Cryptography. 
As per claim 17: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
16. Not explicitly disclosed is the method in which the generated signature includes a second 
nonce from the first entity, and the output from the first entity includes the second nonce, thereby 
enabling the second entity to validate the message using the digital signature, the first and second 
nonces, and its own copy of the second secret key. However, Schneier teaches that timestamps 
may be used in combination with digital signatures in order to prevent against replay attacks. 
Therefore, it would have been obvious to a person in the art at the time the invention was made 
to modify the method disclosed in Wertheimer et al. to use timestamps with digital signature 
technology in order to prevent from various attacks. This modification would have been obvious 
because a person having ordinary skill in the art, at the time the invention was made, would have 
been motivated to do so since Schneier suggests that timestamps prevent replay attacks on page 
38, third paragraph under section "Signing Documents and Timestamps." 
As per claim 21: 
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Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
20. Not explicitly disclosed is the method in which the encrypted message includes a second 
nonce from the first entity, and the output from the first entity includes the second nonce. 
However, Schneier teaches that timestamps may be used in combination with digital signatures 
in order to prevent against replay attacks. Therefore, it would have been obvious to a person in 
the art at the time the invention was made to modify the method disclosed in Wertheimer et al. to 
use timestamps with digital signature technology in order to prevent from various attacks. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Schneier suggests that 
timestamps prevent replay attacks on page 38, third paragraph under section "Signing 
Documents and Timestamps." 
As per claim 25: 

Wertheimer et al. and Husemann et al. substantially teach the method according to claim 
1 . Furthermore, Wertheimer et al. teach the method in which one of the second entities wishes to 
send an authenticated message to the first entity, the method including the steps, in the second 
entity, of: receiving a first nonce from the first entity; using the second secret key and the first 
nonce, thereby to generate a digital signature; and outputting the message, digital signature and 
the second entity's identifier for use by the first entity, such that the first entity can use the 
identifier and the first secret key to generate the second secret key associated with the second 
entity, and thereby authenticate the message via the first nonce, and digital signature (col. 10, 
lines 51-64). 
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Not explicitly disclosed is using a second nonce in generating a signature for the 
message, outputting the second nonce, and authenticating the second nonce. However, Schneier 
teaches that timestamps may be used in combination with digital signatures in order to prevent 
against replay attacks. Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Wertheimer et al. to use timestamps with 
digital signature technology in order to prevent from various attacks. This modification would 
have been obvious because a person having ordinary skill in the art, at the time the invention was 
made, would have been motivated to do so since Schneier suggests that timestamps prevent 
replay attacks on page 38, third paragraph under section "Signing Documents and Timestamps." 
As per claim 29: 

Wertheimer et al. and Husemann et al. substantially teach method according to claim 1 . 
Furthermore, Wertheimer et in which one of the second entities wishes to send an encrypted 
message to the first entity, the method including the steps, in the second entity, of: receiving a 
first nonce from the first entity; using the second secret key to encrypt the message and the first 
nonce, thereby to generate an encrypted message; and outputting, the encrypted message and the 
second entity's identifier for use by the first entity, such that the first entity can use the identifier 
and the first secret key to generate the second secret key associated with the second entity, and 
thereby decrypt the encrypted message (col. 10, lines 51-64). 

Not explicitly disclosed is encrypting a second nonce and outputting a second nonce. 
However, Schneier teaches that timestamps may be used in combination with digital signatures 
in order to prevent against replay attacks. Therefore, it would have been obvious to a person in 
the art at the time the invention was made to modify the method disclosed in Wertheimer et al. to 
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use timestamps with digital signature technology in order to prevent from various attacks. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Schneier suggests that 
timestamps prevent replay attacks on page 38, third paragraph under section "Signing 
Documents and Timestamps." 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Nadia Khoshnoodi/ 
Examiner, Art Unit 2437 
6/4/2009 

NK 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



